Skip Menu |

This queue is for tickets about the File-MMagic-XS CPAN distribution.

Report information
The Basics
Id: 123503
Status: new
Priority: 0/
Queue: File-MMagic-XS
People
Owner: Nobody in particular
Requestors: alexander.bluhm [...] gmx.net
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: 0.09008
Fixed in: (no value)

History Show all quoted text
  Fri Nov 03 14:02:00 2017 alexander.bluhm [...] gmx.net - Ticket created
Subject: Segmentation fault in fmm_mget
When running the tests in the OpenBSD port, File-MMagic-XS-0.09008 crashes sometimes. Core was generated by `perl'. Program terminated with signal SIGSEGV, Segmentation fault. #0 0x00001f0ae18b6480 in _libc_memcpy (dst0=0x7f7ffffbf0a8, src0=<optimized out>, length=64) at /usr/src/lib/libc/string/memcpy.c:103 103 TLOOP(*(word *)dst = *(word *)src; src += wsize; dst += wsize); (gdb) bt #0 0x00001f0ae18b6480 in _libc_memcpy (dst0=0x7f7ffffbf0a8, src0=<optimized out>, length=64) at /usr/src/lib/libc/string/memcpy.c:103 #1 0x00001f0aab4a5cf1 in fmm_mget (state=0x1f0b2042d480, p=0x7f7ffffbf0a8, s=0x1f0af0a65800 "# perl-test\nuse strict;\nuse Test::More;\nmy %map;\nBEGIN\n{\n my $file = __FILE__;\n %map = (\n $file", ' ' <repeats 13 times>, "=> 'text/plain',\n 't/data/test.xml' => 'text/xml',\n 't/data/test."..., m=0x1f0ad61fb800, nbytes=4096) at src/perl-mmagic-xs.c:438 #2 0x00001f0aab4a59be in fmm_softmagic (state=0x1f0b2042d480, buf=0x7f7ffffbf180, size=4096, mime_type=0x7f7ffffbf178) at src/perl-mmagic-xs.c:1331 #3 0x00001f0aab4a48fc in fmm_bufmagic (state=0x1f0b2042d480, buffer=0x7f7ffffbf180, mime_type=0x7f7ffffbf178) at src/perl-mmagic-xs.c:1405 #4 0x00001f0aab4a4840 in PerlFMM_bufmagic (self=0x1f0b2042d480, buf=0x1f0a7d9b5ac0) at src/perl-mmagic-xs.c:1628 #5 0x00001f0aab4a17aa in XS_File__MMagic__XS_bufmagic (cv=0x1f0ad8081f28) at src/MMagic.c:446 #6 0x00001f0aa504deb7 in Perl_pp_entersub () at pp_hot.c:3988 #7 0x00001f0aa50439c3 in Perl_runops_standard () at run.c:41 #8 0x00001f0aa5150dec in S_run_body (oldscope=<optimized out>) at perl.c:2479 #9 perl_run (my_perl=<optimized out>) at perl.c:2408 #10 0x00001f085b300671 in main () Problem is that the code in fmm_bufmagic() assumes the buffer has HOWMANY bytes, but PerlFMM_bufmagic() uses the Perl SV buffer with whatever size it has. Growing the buffer fixes the bug. I am using Perl 5.24.3. This is perl 5, version 24, subversion 3 (v5.24.3) built for amd64-openbsd Index: src/perl-mmagic-xs.c --- src/perl-mmagic-xs.c.orig +++ src/perl-mmagic-xs.c @@ -1616,10 +1616,10 @@ PerlFMM_bufmagic(PerlFMM *self, SV *buf) /* rt #28040, allow RV to SVs to be passed here */ if (SvROK(buf) && SvTYPE(SvRV(buf)) == SVt_PV) { - buffer = (unsigned char *) SvPV_nolen( SvRV( buf ) ); - } else { - buffer = (unsigned char *) SvPV_nolen(buf); + buf = SvRV(buf); } + SvGROW(buf, HOWMANY + 1); + buffer = (unsigned char *) SvPV_nolen(buf); FMM_SET_ERROR(self, NULL);
  Fri Nov 03 14:14:35 2017 alexander.bluhm [...] gmx.net - Correspondence added
From: alexander.bluhm [...] gmx.net
I have created a pull request on github. https://github.com/lestrrat/File-MMagic-XS/pull/6